2 answers

This is possible to do by playing around with the Keystone endpoint table. The only problematic area is that it doesn't work in Horizon without making some changes.

This document describes the changes needed to get Horizon to work. I have been meaning to turn this into a proper blog post or article so it's actually searchable on the web. See the section on "Central Authentication".

There's a Blueprint that I have been meaning to work on that would officially incorporate these changes.

Besides regions, there's also Cells. Although fundamentally different than Regions, Cells can partition your OpenStack cloud into separate areas while still sharing services between areas.

I have, yes. The blueprint was created from the result of a conversation with him. I hope to find time to work on it in the coming months. Two reasons why I haven't yet are just out of laziness and ensuring work wouldn't be duplicated wrt Cells.